Security Operations Analyst
- Exam MS-500
Microsoft 365 security administrators proactively secure Microsoft 365 enterprise and hybrid environments, implement and manage security and compliance solutions, respond to threats, and enforce data governance.
- Exam SC-100
As a Microsoft cybersecurity architect, you translate a cybersecurity strategy into capabilities that protect the assets, business, and operations of an organization. You design, guide the implementation of, and maintain security solutions that follow Zero Trust principles and best practices, including security strategies for identity, devices, data, applications, network, infrastructure, and DevOps. Plus, you design solutions for Governance and Risk Compliance (GRC), security operations, and security posture management.
As a cybersecurity architect, you continuously collaborate with leaders and practitioners in IT security, privacy, and other roles across an organization to plan and implement a cybersecurity strategy that meets the business needs of an organization.
As a candidate for this exam, you have experience implementing or administering solutions in the following areas: identity and access, platform protection, security operations, data security, application security, and hybrid and multicloud infrastructures. You should have expert skills in at least one of those areas, and you should have experience designing security solutions that include Microsoft security technologies.
To earn the Microsoft Cybersecurity Architect certification, you must also pass one of the following exams: SC-200, SC-300, or AZ-500. We strongly recommend that you do this before taking this exam.
Important: The English language version of this certification was updated on January 23, 2024. Review the study guide linked on the Exam SC-100 page for details about recent changes.
Note: Microsoft 365 Defender has been renamed to Microsoft Defender XDR, and Microsoft 365 Defender portal to Microsoft Defender portal. This change will appear on the exam in late April.
- Exam AZ-400
As a DevOps engineer, you’re a developer or infrastructure administrator who also has subject matter expertise in working with people, processes, and products to enable continuous delivery of value in organizations. Your responsibilities for this role include designing and implementing strategies for collaboration, code, infrastructure, source control, security, compliance, continuous integration, testing, delivery, monitoring, and feedback.
As a DevOps engineer, you work on cross-functional teams that include developers, site reliability engineers, and Azure administrators. You must have experience with administering and developing in Azure, with strong skills in at least one of these areas. You should be familiar with Azure DevOps and GitHub.
Important: The English language version of this certification was updated on January 29, 2024. Review the study guide linked on the Exam AZ-400 page for details about recent changes.
- Exam SC-400
As an information protection and compliance administrator, you plan and implement risk and compliance controls in the Microsoft Purview compliance portal. In this role, you translate an organization’s risk and compliance requirements into technical implementation. You’re responsible for implementing and managing solutions for content classification, data loss prevention (DLP), information protection, data lifecycle management, records management, privacy, risk, and compliance.
You work with other roles that are responsible for governance, data, and security to evaluate and develop policies to address an organization’s risk reduction and compliance goals. You assist workload administrators, business application owners, human resources departments, and legal stakeholders to implement technology solutions that support the necessary policies and controls.
You should have experience with Microsoft 365 services, including Microsoft 365 Apps, Microsoft Exchange Online, Microsoft SharePoint, Microsoft OneDrive, and Microsoft Teams. You should also be familiar with PowerShell.
Important: The English language version of this certification was updated on August 22, 2023. Review the study guide linked on the Exam SC-400 page for details about recent changes.
Note: Microsoft 365 Defender portal has been renamed to Microsoft Defender portal. This change will appear on the exam in late April.
- Exam SC-200
As a Microsoft security operations analyst, you reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. You perform triage, incident response, vulnerability management, threat hunting, and cyber threat intelligence analysis.
As a Microsoft security operations analyst, you monitor, identify, investigate, and respond to threats in multicloud environments by using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security solutions. In this role, you collaborate with business stakeholders, architects, identity administrators, Azure administrators, and endpoint administrators to secure IT systems for the organization.
As a candidate, you should be familiar with Microsoft 365, Azure cloud services, and Windows and Linux operating systems.
Important: The English language version of this certification will be updated on March 4, 2024. Review the study guide linked on the Exam SC-200 page for details about upcoming changes.
- Exams AZ-800, AZ-801
As a candidate for this certification, you’re responsible for configuring and managing Windows Server on-premises, hybrid, and infrastructure as a service (IaaS) platform workloads. As a Windows Server hybrid administrator, you’re tasked with integrating Windows Server environments with Azure services and managing Windows Server in on-premises networks. In this role, you manage and maintain Windows Server IaaS workloads in Azure as well as migrating and deploying workloads to Azure. You typically collaborate with Azure administrators, enterprise architects, Microsoft 365 administrators, and network engineers.
As a candidate for this certification, you deploy, package, secure, update, and configure Windows Server workloads using on-premises, hybrid, and cloud technologies. In this role, you implement and manage on-premises and hybrid solutions, such as identity, security, management, compute, networking, storage, monitoring, high availability, and disaster recovery. You use administrative tools and technologies such as Windows Admin Center, PowerShell, Azure Arc, Azure Policy, Azure Monitor, Azure Automation Update Management, Microsoft Defender for Identity, Microsoft Defender for Cloud, and IaaS virtual machine (VM) administration.
As a candidate for this certification, you should have several years of experience with Windows Server operating systems.
Important: The English language version of this certification was updated recently. Exam AZ-800 was updated on January 29, 2024, and Exam AZ-801 was updated on August 24, 2023. Review the study guides linked on the exam pages for details about changes.
Note: Microsoft 365 Defender portal has been renamed to Microsoft Defender portal. This change will appear on the exam in late April.